IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
client requested on tconx. We now return the same error
code like NT4SP6 and W2kSP3 return.
TCONDEV is a little test for this.
Volker
(This used to be commit 6ab88f31d6773f16baff8421ec9e530461cc8f93)
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
the commit to reply.c just matches a pstrcpy for the pstring. (harmless, fixes
it for the automated test).
Andrew Bartlett
(This used to be commit ef9c7586ac152304cacaf2c16115adc2bccefc22)
the loaded list on error). Also change some of the error returns, becouse
NT_STATUS_UNSUCCESSFUL gives a most useless error message on the client.
As for which error, my logic is that a share without a valid VFS module is
not a valid share, and therefore should return the same error as a non-existant
share.
Andrew Bartlett
(This used to be commit 41178afdbd2b3de94cf272ce32764a1947e73ea8)
this follows the method used for remote_machine and also fixes the
problem of anonymous connections clobbering the string
(This used to be commit 9ead4fc3c3f8b83f03c762a4dab77a64aabccbf9)
some basic usages like 'include = smb.conf.%U'
This changes fixes things again, by checking for reload after we setup
current_user in tconx.
(This used to be commit d664e6b4d20d545b31910666d9cea7384fd40a73)
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
sending broadcast messages. Also initial cut-down of printing notify
messages (not yet finished).
Jeremy.
(This used to be commit aca333719695b278843c59e1c6eb07d6655fd59c)
- Don't print an uninitialised buffer in service.c
- Change some charcnv.c functions to take smb_ucs2_t ** instead of void **
- Update NTLMv2 code to use dynamic buffers
- Update experimental SMB signing code - still more work to do
- Move sys_getgrouplist() to SAFE_FREE() and do a DEBUG() on initgroups()
failure.
Andrew Bartlett
(This used to be commit de1964f7fa855022258a84556b266100b917444b)
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
session setup, it would not correctly pick up the [homes] share on a subsequent
session setup.
The new rules are: If you want to connect to [homes], then it must have been
available at session setup time, or you must be in security=share. At each
session setup, the user's copy of [homes] is updated to ensure it has the right
path etc.
Andrew Bartlett
(This used to be commit 5d2c7816a3ea02a67c5b501626d91d43557e9dd9)
* DeletePrinterDriverEx() now has the ability to delete
driver files. I need to do some more testing
tro veriofy that we are in fact not deleting a file out from
under another driver, but it looks ok so far.
* DeletePrinterDriver() noiw deletes all versions of the
specified driver (cversion == 0, 1, 2, 3)
(This used to be commit 17bb780e1327663fa2fcd6a3cb25dd461a29c537)
Went through and checked all string_subs I could to ensure they're being
used correctly.
Jeremy.
(This used to be commit 17cae0d683be404be69554cd0e84117bdcc56c87)
to a Samba print server running HEAD in a while. This has been broken
since tridge's changes to make_connection() to not do the chdir()
to the connect_path. Sorry it took me so long to get around to fixing it.
The problem occured with our internal use of make_connection().
jerry
(This used to be commit b5bc8aa0f68ceebfb5c0ec15ff93b0172cec36d8)
and we seem to have eliminated the segfault.
Unfortunetly I'm still at a bit of a loss as to why it did segfault, but
the patch is correct in any case.
Andrew Bartlett
(This used to be commit 70c16188c7a267f9f3f8de0b6830f66c9e68a2c7)
The aim of this execise is to give the 'security>=user' code a straight paper
path. Security=share will sill call authorise_login(), but otherwise we avoid
that mess.
This allow *much* more accurate error code reporting, beocuse we don't start
pretending that we can use the (nonexistant) password etc.
Also in this patch is code to create the 'homes' share at session setup time
(as we have done in the past - been broken recently) and to record this on
the user's vuser struct for later reference. The changes here should also
allow for much better use of %H (some more changes to come here).
The service.c changes move a lot of code around, but are not as drastric
as they look...
(Also included is a fix to srv_srvsvc_nt.c where 'total_entries' not
'*total_entries' was compared).
This code is needs testing, but passes my basic tests.
I expect we have lost some functionality, but the stuff I had expected
to loose was already broken before I started. In particular, we don't 'fall
back' to guest if the user cannot access a share (for security=user). If you
want this kind of stuff then you really want security=share anyway.
Andrew Bartlett
(This used to be commit 4c0cbcaed95231f8cf11edb43f6adbec9a0d0b5c)
cleanup some of the code in net_rpc_join re const warnings and
fstrings.
Passdb:
Make the %u and %U substituions in passdb work.
This is done by declaring these paramters to be 'const' and doing
the substitution manually. I'm told this is us going full circle,
but I can't really see a better way.
Finally these things actually seem to work properly...
Make the lanman code use the pdb's recorded values for homedir etc
rather than the values from lp_*()
Add code to set the plaintext password in the passdb, where it can
decide how to store/set it. For use with a future 'ldap password
change' option, or somthing like that...
Add pdb_unix, so as to remove the 'not in passdb' special cases from the
local_lookup_*() code. Quite small, as it uses the new 'struct passwd ->
SAM_ACCOUNT' code that is now in just one place. (also used by pdb_smbpasswd)
Other:
Fix up the adding of [homes] at session setup time to actually pass
the right string, that is the unix homedir, not the UNC path.
Fix up [homes] so that for winbind users is picks the correct name.
(bad interactions with the default domain code previously)
Change the rpc_server/srv_lsa_nt.c code to match NT when for the
SATUS_NONE_MAPPED reply: This was only being triggered on
no queries, now it is on the 'no mappings' (ie all mappings failed).
Checked against Win2k.
Policy Question: Should SID -> unix_user.234/unix_group.364 be
considered a mapping or not? Currently it isn't.
Andrew Bartlett
(This used to be commit c28668068b5a3b3cf3c4317e5fb32ec9957f3e34)
tconx, so win2000 clients don't expect a permissions error in
tconx. We now match this behaviour, by only checking that the
directory exists during tconx and relying on the permissions on other
calls to protect directories
(This used to be commit 4fc476686476da31cc2b45badb05cb0765259f98)
<a.bokovoy@sam-solutions.net>.
This patch is designed to remove the 'special cases' required for this support.
In particular this now kills off winbind_initgroups, as it appears no longer to
be required.
Andrew Bartlett
(This used to be commit f1d8d509766e9169d39332559162cfec249bfc70)
of the connections db on smbd startup. This should fix the Solaris large
load bug.... (fingers crossed).
Jeremy.
(This used to be commit 5b2b9c25af28543e67762805d1387524cbb6c39d)
code.
In particular this assists tpot in some of his work, becouse it provides the
connection between the authenticaion and the vuid generation.
Major Changes:
- Fully malloc'ed structures.
- Massive rework of the code so that all structures are made and destroyed
using malloc and free, rather than hanging around on the stack.
- SAM_ACCOUNT unix uids and gids are now pointers to the same, to allow them
to be declared 'invalid' without the chance that people might get ROOT by
default.
- kill off some of the "DOMAIN\user" lookups. These can be readded at a more
appropriate place (probably domain_client_validate.c) in the future. They
don't belong in session setups.
- Massive introduction of DATA_BLOB structures, particularly for passwords.
- Use NTLMSSP flags to tell the backend what its getting, rather than magic
lenghths.
- Fix winbind back up again, but tpot is redoing this soon anyway.
- Abstract much of the work in srv_netlog_nt back into auth helper functions.
This is a LARGE change, and any assistance is testing it is appriciated.
Domain logons are still broken (as far as I can tell) but other functionality
seems
intact.
Needs testing with a wide variety of MS clients.
Andrew Bartlett
(This used to be commit f70fb819b2f57bd57232b51808345e2319d52f6c)
In particular this commit focuses on:
Changing the Get_Pwnam code so that it can work in a const-enforced
environment.
While these changes have been mildly tested, and are pretty small, any
assistance in this is appreciated.
----
These changes allow for 'const' in the Samba tree.
There are a number of good reasons to do this:
- I want to allow the SAM_ACCOUNT structure to move from wasteful
pstrings and fstrings to allocated strings. We can't do that if
people are modifying these outputs, as they may well make
assumptions about getting pstrings and fstrings
- I want --with-pam_smbpass to compile with a slightly sane
volume of warnings, currently its pretty bad, even in 2.2
where is compiles at all.
- Tridge assures me that he no longer opposes 'const religion'
based on the ability to #define const the problem away.
- Changed Get_Pwnam(x,y) into two variants (so that the const
parameter can work correctly): - Get_Pwnam(const x) and
Get_Pwnam_Modify(x).
- Reworked smbd/chgpasswd.c to work with these mods, passing
around a 'struct passwd' rather than the modified username
(This used to be commit e7634f81c5116ff4addfb7e495f54b6bb78e8f77)
some sainity, avoiding things like 'root preexec' when the connection would
otherwise already be denied (max connections).
This does change behaviour, but I think its for the best.
Andrew Bartlett
(This used to be commit 99e8a263ada41de2662a0290fda3dd9df3ac0cd4)
